diff options
author | Douglas Bagnall <douglas.bagnall@catalyst.net.nz> | 2021-03-06 16:05:15 +1300 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2021-11-02 21:52:16 +0000 |
commit | cb04bfc55a8e4e370fc8d7865cb502ea788d6556 (patch) | |
tree | afcc90ec4a38c410f7f882a0195ff3abcd205af2 /lib | |
parent | e431362a70145caf587d5e28978a0ad4588326e0 (diff) | |
download | samba-cb04bfc55a8e4e370fc8d7865cb502ea788d6556.tar.gz |
ldb: fix ldb_comparison_fold off-by-one overrun
We run one character over in comparing all the bytes in two ldb_vals.
In almost all circumstances both ldb_vals would have an allocated '\0'
in the overrun position, but it is best not to rely on that.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 2b2f4f519454beb6f2a46705675a62274019fc09)
Diffstat (limited to 'lib')
-rw-r--r-- | lib/ldb/common/attrib_handlers.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/ldb/common/attrib_handlers.c b/lib/ldb/common/attrib_handlers.c index f0fd4f50d8d..6a885065f77 100644 --- a/lib/ldb/common/attrib_handlers.c +++ b/lib/ldb/common/attrib_handlers.c @@ -334,8 +334,8 @@ int ldb_comparison_fold(struct ldb_context *ldb, void *mem_ctx, if (toupper((unsigned char)*s1) != toupper((unsigned char)*s2)) break; if (*s1 == ' ') { - while (n1 && s1[0] == s1[1]) { s1++; n1--; } - while (n2 && s2[0] == s2[1]) { s2++; n2--; } + while (n1 > 1 && s1[0] == s1[1]) { s1++; n1--; } + while (n2 > 1 && s2[0] == s2[1]) { s2++; n2--; } } s1++; s2++; n1--; n2--; |